Managing Security Risks: 4 Common Security Gaps in The Workplace

Having a state-of-the-art cybersecurity system that protects company-owned devices doesn’t mean your organisation is immune to security gaps. There might still be security risks that you are not aware of, and these could lead to data loss, security breaches, and violations of privacy laws.

With the PDPA clamping down on organisations that are lax in their treatment of personal information, every company should take the necessary precautions.

Here are 4 common security gaps in the workplace and tips on how to improve the management of your security:

1) Careless Employees

The Risk

- Security issues can often be traced back to one employee who made a mistake. Studies suggest that up to 95% of information security breaches involve human error. These errors can include easy-to-guess passwords, lost devices, accidental disclosure of information by email, unnecessary printing of sensitive information, leaving confidential papers unattended, and improperly disposing of documents.

The Solution

- One of the best ways to handle this is to use automated safeguards such as password management, identity and access management, network access rules and rigorous processes and procedures for all data across all media. Encourage your employees to have secure work habits through awareness campaigns. For example, the Shred-it all Policy, if properly embedded, directs employees to securely destroy all documents when they are no longer needed, thus reducing the risk of a data breach.

2) Mobile Devices & Internet of Things (IoT)

The Risk

- Singapore is one of the top Asian countries in terms of technological advances, so it’s no surprise that our mobile workforce is growing, and it does not look like this will change anytime soon. Mobile and IoT devices are therefore a prime target for cyber criminals. With the right equipment, access to mobile devices is easy and apps pose a huge IT security risk, with hundreds being found to have security issues in 2016.

The Solution

- The best way to prevent a security breach on mobile and IoT devices is to implement a well-supported mobility and security awareness program. You can also teach your employees best practices for recognising and responding to suspicious text messages, also known as SMishing. It is also best to create a list of approved apps and limit the number of apps on your phone.

3) Insider Fraudsters

The Risk

- According to the Global Fraud and Risk report by Kroll, 2016 saw a hike in the number of fraud and risk incidents. In cases where the perpetrator was identified, 81% of them were insiders. The 2016 Global Fraud Study showed that a lack of internal controls was the most prominent contributing factor leading to fraud in organisations.

The Solution

- One of the best ways to detect fraud in the workplace is through tip-offs given by other employees. By providing a reporting hotline, employees will be able to share information that could help reduce the risk of fraud. Another way is by implementing a Clean Desk policy. This manages security risks by encouraging employees not to leave confidential information out in the open and by creating a security-conscious working environment.

4) Breach Response

The Risk

- When a breach hits an organisation, some find themselves unprepared to respond. The damage inflicted becomes much larger and can lead to a damaging loss of credibility for the organisation, especially when the organisation takes a longer time to detect and remediate breaches.

The Solution

- One thing an organisation can do to reduce information security risk is to form an internal incident response team to ensure that there are up-to-date controls in place and create a comprehensive incident response plan. By having a plan in place, everyone will know the necessary steps to take when a data breach occurs.

There are many different ways to minimise the risks of data breaches, whether it be an upgraded cybersecurity system or a Clean Desk Policy. The important thing to remember is that data security encompasses physical security as well as digital security and that the best security also looks into the human element for a truly holistic approach.

ABS Certified

Shred-it has been certified by the Association of Banks in Singapore (ABS) as an approved outsourced service provider. OSPAR (Outsourced Service Provider’s Audit Report) assesses control and governance, and standardises requirements and auditing processes for firms providing services to the financial industry, confirmed by an annual independent audit.

NAID Member

Shred-it Singapore is a NAID Member, adhering to the stringent security practices and procedures established by the National Association for Information Destruction.